If you think of the Sourcefire Next-Generation IPS (NGIPS) as a high performance car, and Snort® as the high performance engine, there is one more element required – high octane fuel. Like any high performance system, Snort requires premium fuel to optimize performance. Snort rules are the fuel.
Snort rules are open for anyone to inspect, and can be verified to address the vulnerability for which coverage is claimed. The Snort rules format is the industry standard, used by security professionals worldwide. Snort’s open rules format gives customers the ability to:
Sourcefire VRT® (Vulnerability Research Team) vulnerability-based rules are the official rules of Snort.org and are used by the Sourcefire NGIPS. Rather than traditional exploit-based signatures, which provide no protection against unknown or zero-day threats, VRT rules:
The power, precision and flexibility of Sourcefire® technology and Snort’s robust rules language enable the industry’s most comprehensive threat coverage. Sourcefire enhances this coverage by combining the accuracy of Snort with the expertise of the Sourcefire VRT, a group of leading edge intrusion prevention experts dedicated to developing vulnerability-based rules and zero-day protection. Their insight, together with the network insight provided by Sourcefire FireSIGHT® and real world insights of the user community means Sourcefire customers have the most effective network security available today.
For more information on how to obtain these rules, visit snort.org/vrt.
For the latest Sourcefire VRT advisories, click here.
Catch the latest news from the Sourcefire VRT on their official blog page here.